DevSecOps: Catching Fire

In DevOps, those who can’t keep pace are often left behind. For many people
leading DevOps initiatives over the past few years, this led to a painful
choice of leaving security by the wayside. Many Waterfall-native approaches
to security could not keep pace with their new DevOps-native requirements and
they were shunned.

Gene Kim and Josh Corman first sounded the death knell for security as we
knew it during their 2012 RSA presentation, Security Is Dead. Long Live
DevOps: IT at Ludicrous Speed. However, as with so many things in our world,
necessity is the mother of invention. Leaving security out of the DevOps
toolchain was not an option for some and unimaginable for others.

Fast forward four years and things have changed dramatically. We are on the
cusp of a new era of security that lives at ludicrous speed. Software-defined
security is c...

The DevOps pipeline is constantly changing. Therefore, relevant security
controls must be applied contextually.

We want to be secure, but I think all of us would rather spend our time
developing and deploying software. Keeping up with server updates and all of
the other security tasks is like cleaning your home - you know it has to be
done, but you really just want to enjoy your clean home. The good news is you
can hire a "service" to keep your application security up-to-date, giving you
more time to develop.

At the recent All Day DevOps conference, Akash Mahajan (@makash), a

Snowflakes are beautiful, unique creations. But, let's keep them in nature.
They don't belong in our server infrastructure. Snowflake servers, where
every configuration is just a little different, can introduce unnecessary
security vulnerabilities and complications. While common in IT
infrastructure, in the DevOps realm, they are gradually becoming ancient

At the recent All Day DevOps conference, Erlend Oftedal (@webtonull),
with Blank and head of the OWASP Norway chapter, discussed the benefits of
immutable infrastructure practices within serverless architectures. Erl...

We all know the story: a farm, a kid, a Commodore 64, and a modem maxing out
at 300 bps. A few unexpected phone bills later, and young Ian Allison is
figuring out how to game the system so he can keep using his newfound
gateway to the world of tech. According to Ian, that is where he began
building the foundation of skills for his career in computer security.

At the recent All Day DevOps conference, Ian (@iallison), now with Intuit,
talked about his history of being "that" security guy. You know, the one who
thinks developers don't care about security or deadlines, and, really, ...

When you have a billion users, people notice. That's where our story about
DevOps and Yahoo! starts. For Kishore Jalleda and Gopal Mor, both engineers
at Yahoo!, when something goes wrong on a Yahoo! page, people will notice.
Correction: a lot of people will notice.

Of course, Yahoo!, like all services on the Internet, constantly improves its
products. In fact, they have 100+ iterations and experiments happening at
any given time. Some changes bring new innovation to the forefront and
others alter the user experience.

When iterations and experiments are served in front of loy...